Skip to main content

What you may need to know about useBindVarsForViewCriteriaLiterals in adf-config.xml?

The 11.1.2 release has introduced a new flag useBindVarsForViewCriteriaLiterals in your application's adf-config.xml.
 <?xml version="1.0" encoding="US-ASCII" ?>  
 <adf-config .... >  
   <adf-adfm-config xmlns="http://xmlns.oracle.com/adfm/config">  
   <defaults useBindVarsForViewCriteriaLiterals="true"/>  
   ...  
  </adf-adfm-config>  
   ...  

Idea is to force the run time to generate temporary bind variables instead of directly using literal values while generating WHERE clause for the ViewCriteria. The above said configuration is done at application level which will set ViewCriteria::setUseBindVarsForLiterals(true) for all VC instances.
  • This will help to improve performance of query execution by caching SQLs
  • Reduce/avoid the chance for SQL injection

Comments

N said…
Hi Jobinesh,

I have a small question, we use literals for static values, for that if the framework uses bind vars, then what is the point, anyway we cant change the literals at runtime and can we assign different values for the bind vars. Thanks.
Anonymous said…
Hi Jobinesh,
Talking about sql injection, is there a way to avoid that in ADF?
I haven´t seen ADF developers addressing that issue (attacks, XSS, injection,etc).
Thank you.

Popular posts from this blog

How to set Bind Variable Values at runtime ?

In this post I'm sharing a couple of approaches for programmatically setting bind variables values at run time. This post is an attempt to explain 'When to use what ?'[ In case if you are familiar with 'Bind Variables' in ADF BC, please refer Section 5.10, Working with Bind Variables in Fusion Developer's Guide ]

1. Set the Bind Variable value using RowSet::setNamedWhereClauseParam(...)

You can use use the setNamedWhereClauseParam(...) method on the ViewObject interface (which extends oracle.jbo.RowSet) to set the value for bind variables. Please note this sets the value on default RowSet. In other words, this doesn't have any effect on the secondary RowSets that you/system generates.
ViewObject vo = am.findViewObject("EmployeesView1"); vo.setNamedWhereClauseParam("bindVarDeptId", new Number(10)); vo.executeQuery();
2. Set the Bind Variable value using ViewObject's VariableValueManager::setVariableValue(...)

VariableValueManager Ma…